 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] set of ports
 Date:  Fri, 20 Jan 2006 07:48:57 -0600

FiL wrote:
> Hi,
> I'm new to m0n0wall and might have missed something. But I searched
> the web and mailing list archives and didn't find the answer.
> Is there any way of permitting (or blocking) a set of ports in one
> rule? I have several (20+) servers, which I need to open for the same
> set of ports (8 ports). Writing each port for each server as a
> separate rule is a nightmare. Managing it will be another one.
> If it's not implemented now are there any plans of implementing it?
> What about other ipfw2 features (like sets of IPs within certain
> subnet)? 

At this time you can only set a range of ports. If the ports in question
are a continuous range (80-88) this would work. But, this will not work
if you need 25, 80, 443, etc.

I believe it is on the wish list to have groups of ports.

You can set firewall rules to allow or block traffic to a subnet (the
dropdown says Network). You can also set an alias to a subnet (the
dropdown says Network). If you take this route, you will need to
remember that you cannot use the first and last IPs (Net ID & Broadcast)
- so you may want to use a 27 bit mask giving you 30 hosts. This way you
would have some room to grow. At least you would only have 8 rules... Not
160...

_________________________________
James W. McKeand
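
The rule arithmetic from the reply above, as an added example that is not part of the original message: it collapses ports into the contiguous ranges one rule can express, finds the smallest subnet that holds every server without using the Net ID or broadcast address, and reports how many unused addresses the subnet-wide rules would also open. The server addresses, port list and function names are constructed for illustration.

```python
import ipaddress

def port_ranges(ports):
    """Collapse ports into contiguous (start, end) ranges; one rule per range."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)   # extends the current range
        else:
            ranges.append((p, p))             # gap: a new rule is needed
    return ranges

def covering_network(hosts):
    """Smallest subnet containing every host, none on Net ID or broadcast."""
    addrs = [ipaddress.ip_address(h) for h in hosts]
    for prefix in range(30, -1, -1):          # /30 is the smallest usable subnet
        net = ipaddress.ip_network(f"{addrs[0]}/{prefix}", strict=False)
        reserved = (net.network_address, net.broadcast_address)
        if all(a in net and a not in reserved for a in addrs):
            return net
    raise ValueError("no single subnet covers these hosts")

def plan(hosts, ports):
    """Compare per-host/per-port rules with network-alias + port-range rules."""
    net = covering_network(hosts)
    usable = net.num_addresses - 2            # minus Net ID and broadcast
    return {
        "network": str(net),
        "rules_per_host": len(set(hosts)) * len(set(ports)),
        "rules_with_network": len(port_ranges(ports)),
        # Addresses the subnet rule opens that are not servers today.
        "unused_addresses_also_covered": usable - len(set(hosts)),
    }

# Constructed sample: 20 servers and 8 non-contiguous ports.
SERVERS = [f"192.0.2.{n}" for n in range(33, 53)]
PORTS = [25, 53, 80, 110, 143, 443, 993, 995]

if __name__ == "__main__":
    print(plan(SERVERS, PORTS))
    print(port_ranges(range(80, 89)))         # a continuous range is one rule
```

The "room to grow" in a subnet-wide rule is also exposure: any host later placed on one of the unused addresses inherits the open ports.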